Jun 24, 2018

Here are some instructions on how to deploy an NDIS virtual switch extension to a Hyper-V Virtual Switch. This will save you some headaches during the driver deployment and validation process. Of course, before doing any of this, make sure you have a test host set up in Test Mode: run "bcdedit /set testsigning on", then reboot.

First things first: after creating a basic NDIS lightweight filter driver project, make sure that your INF file is configured correctly. Here is a basic example, which will create a modifying filter driver that builds for x64 and attaches only to virtual switches.

The comments here are mostly from the NDIS lightweight filter template which comes with the Windows Driver Kit. Now you can install the driver onto a target computer, assuming the target computer is a 64-bit machine.

; The important sections to note from the .inf file:
; This specifies the x64 install, and we will need 'BADFLYER_basicndis' to install with netcfg
[MSFT.NTamd64]
%basicndis_Desc%=Install, BADFLYER_basicndis
; This specifies that this is a filtering extension
HKR, Ndi,FilterClass,, "ms_switch_filter"
; This specifies that we will bind to a virtual switch as an extension
HKR, Ndi\Interfaces, FilterMediaTypes,,"vmnetextension"
; 0x800 Automatically starts the driver after installation.
AddService=basicndis,0x800,basicndis_Service_Inst

Compile the project as x64.

Copy the output to the target computer. (The target computer should be in test mode: "bcdedit /set testsigning on".)
The output directory should contain at least 3 files:

basicndis.cat

basicndis.inf

basicndis.sys

Use netcfg to install the driver. (instructions below)

Use PowerShell to enable the extension on the virtual switch. (instructions below)

So, now that the files are copied over, you can use netcfg.exe to install the driver service. It comes with Windows by default.

#
# You can look up the documentation for netcfg online, but here is basically what needs to happen:
# netcfg /l <path to inf file> /c S /i <driver installation name from inf>
#
# The driver installation name can be found/set in the .inf file in the platform configuration section.
# EX: ; BADFLYER_basicndis can be used with netcfg.exe to install/uninstall the driver.
# [MSFT.NTx86]
# %basicndis_Desc%=Install, BADFLYER_basicndis
#
# Here is an example
netcfg /l C:\Users\Administrator\Desktop\basicndis\basicndis.inf /c S /i BADFLYER_basicndis

If all goes well, you will get a nice happy message about success. If it does not, you will get an error code. Logs for netcfg can be found under "C:\Windows\INF\setupapi.dev.log" aka "%SYSTEMROOT%\INF\setupapi.dev.log" and "%SYSTEMROOT%\INF\setupapi.app.log".

Hopefully all is well. If you have gotten this far, you can enable the extension on the Hyper-V virtual switch. In this example, I have a VM Switch named "InternalSwitch".

# net start <name of service>
# net stop <name of service>
# Stop-Service <name of service>
# Start-Service <name of service>
# EX: (Note, in this example this is not the same as the name given to netcfg)
# You can make them the same if you configure your inf that way, but the service
# name is not necessarily the same as the name of the section used for installation.
net start basicndis
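
The whole procedure above as one checked script, ending with the step that enables the extension on the switch. This is an added example, not code from the original post. `$ExtensionName` is a placeholder for the display string your INF assigns to `basicndis_Desc`, and the script assumes English `bcdedit` output and that `netcfg` returns a nonzero exit code on failure.

```powershell
#Requires -RunAsAdministrator
# Added example: values marked "assumption" are not from the original page.
param(
    [string]$DriverDir     = 'C:\Users\Administrator\Desktop\basicndis',
    [string]$ComponentId   = 'BADFLYER_basicndis',        # install name from the INF
    [string]$ServiceName   = 'basicndis',                 # AddService name from the INF
    [string]$SwitchName    = 'InternalSwitch',
    [string]$ExtensionName = '<value of basicndis_Desc>'  # assumption: placeholder
)
$ErrorActionPreference = 'Stop'

# 1. A test-signed driver only loads while test signing is enabled.
#    Assumption: English bcdedit output ("testsigning    Yes").
if (-not ((bcdedit /enum '{current}') -match 'testsigning\s+Yes')) {
    throw 'Test signing is off: run "bcdedit /set testsigning on" and reboot.'
}

# 2. The package needs all three files; report how the binaries are signed.
$files = 'cat', 'inf', 'sys' | ForEach-Object { Join-Path $DriverDir "basicndis.$_" }
foreach ($f in $files) { if (-not (Test-Path $f)) { throw "Missing $f" } }
Get-AuthenticodeSignature -FilePath ($files | Where-Object { $_ -notlike '*.inf' }) |
    Format-Table Path, Status, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } } |
    Out-Host

# 3. Install with netcfg. On failure, show the tail of the SetupAPI device log.
#    Assumption: netcfg signals failure through a nonzero exit code; the
#    service lookup is a second check that the install registered the driver.
netcfg /l (Join-Path $DriverDir 'basicndis.inf') /c S /i $ComponentId
$svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
if ($LASTEXITCODE -ne 0 -or -not $svc) {
    Get-Content "$env:SystemRoot\INF\setupapi.dev.log" -Tail 40 | Out-Host
    throw "netcfg install failed (exit code $LASTEXITCODE)"
}

# 4. Start the filter service if the 0x800 flag did not already start it.
if ($svc.Status -ne 'Running') { Start-Service -Name $ServiceName }

# 5. List the extensions bound to the switch, enable ours, confirm its state.
Get-VMSwitchExtension -VMSwitchName $SwitchName |
    Format-Table Name, ExtensionType, Enabled, Running | Out-Host
Enable-VMSwitchExtension -VMSwitchName $SwitchName -Name $ExtensionName | Out-Null
$state = Get-VMSwitchExtension -VMSwitchName $SwitchName -Name $ExtensionName
if (-not ($state.Enabled -and $state.Running)) {
    throw "Extension '$ExtensionName' is not running on $SwitchName"
}
$state | Format-List Name, Vendor, ExtensionType, Enabled, Running
```

The table printed in step 5 shows the exact `Name` values Hyper-V reports for each extension, which is where to read the value for `$ExtensionName` if you have not looked it up in the INF.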